Bitcoin ATM Developer Sunsetting Cloud Services Following an Exploit Draining $1.5 Million in Assets
General Bytes, the well-known Bitcoin ATM manufacturer, has revealed plans to close its cloud service unit. An official report from General Bytes dated March 18 revealed that the recent malicious attack on the system had prompted the company to make the difficult decision.
The company disclosed that the attackers weakened the system's security to gain access to users' sensitive information, including passwords and private keys. After probing the matter, the General Bytes technical team observed that the attackers had utilized master service tools to deploy a Java application on the system.
The infiltration of the General Bytes network was intended to pave the way for the hackers to engage in fraudulent schemes.
Impact of Hacking
A report from the founder of General Bytes, Karel Kyovsky, on March 18 revealed that the malicious attack was aimed at gaining access to the company database. Kyovsky said that bad actors deployed a suspicious application on the General Bytes network to exploit the API keys.
This enabled the hackers to access user information and drain a substantial amount of assets. He acknowledged that the hackers managed to obtain user information, including passwords and private keys, and to turn off 2FA.
Beyond this, Kyovsky reiterated that the malicious attack compromised the cloud service program and other servers. In his address, Kyovsky stated that General Bytes has regularly conducted internal and external security audits since 2021.
The 2021-2022 audit reports did not identify the recent security weakness in the General Bytes system.
Unplanned Closure of General Bytes Cloud Services
Kyovsky reported that the hackers compromised 41 digital wallet addresses to access the locked "hot wallets." Following the Kyovsky report, security experts probing the matter from analytic firm On-chain revealed that the hackers drained 56 Bitcoin (BTC) valued at $1.54 million.
The March 18 On-Chain report showed that the hackers also carried out multiple transactions on the Ethereum network, taking 21.82 Ethers worth $36,000 at the current market price.
The security breaches prompted the General Bytes team to issue a cautionary report outlining the security steps that BTC ATM service providers must follow.
According to the report, the operators of more than 15,000 BTC ATMs are urged to deploy self-owned standalone servers. The BTC ATM operators are advised to apply 2 patches to the crypto application server (CAS) to support system security.
Additionally, the operators are encouraged to maintain their security tools, including the firewall and VPN built on the CAS. The operators are tasked with invalidating the existing user information, since the attackers have already compromised it.
In the meantime, users must use new passwords and private keys to access their accounts. This measure mirrors the security action adopted by General Bytes during last year's attack.